A trojan horse named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.

Russian antivirus company Dr. Web issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the malware, as highlighted by ArsTechnica.

An analyst for the company later updated the figure to note that the size of the botnet had reached 600,000. He also pointed out that 274 bots are originating from Apple's hometown of Cupertino, Calif.

According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.

Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the malware is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.

Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.

- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?

What is it now? Didn't you write, that it is a trojan, but now you write, it is a virus.
Make up your mind.

Anyway, since there are no viruses affecting Mac OS X in public circulation, this is probably a trojan. To learn the difference, which is just a tiny bit important, as the word "virus" probably gets you more clicks, look here.

- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?

I find it striking that Dr. Web know exactly how many bots came from Cupertino ... not 273 and not 275...exactly 274.

PS: No AV software either and I strongly discourage using AV on Macs for the time being. My whole office is packed with Macs and, among others, as IT administrator, we had no problems whatsoever with any kind of malware ever. Those apps like MacScan and AV software imho are made just to sell you their product for bs reasons. Practice safe computing and common sense and it's all ok.

I've never run AV software, but I also never enable Java unless a web site needs it for something important.

A trojan (NOT virus) is essentially a lie: someone tells you to install something, and you decide to trust them, but what you get is actually something different. There can never be complete protection from being lied to--although Apple seems to have largely cracked that challenge with Lion. So enjoy your Mac trojan-making while you can!

- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?

My thoughts exactly. It is always amazing how these "security companies" come up with such exact numbers, that too country wise! And always from pedlars of "security software". Talk about vested interest or scareware as you wish to call it.

I WAS infected with this Trojan, until I saw this article and followed the uninstall instructions. The trojan installed without my permission ~ March 3rd according to the file date of the trojan that was installed.

I had the variant that installed in my global preferences and intercepted my Safari screen characters and keystrokes. It got access to my Mac using Java, without me typing the Admin password or notifying me to install it. This stealth trojan had been running for about a month now, before I discovered it.

I have now turned off Java, and updated to the latest Apple supplied version of Java which they just released a day or so ago. This exploit in Java has been known since February, and I am very annoyed with Apple for not fixing their version of Java, and notifying us of this earlier. It would have likely prevented the Java hole to exist that this trojan exploited to infect my Mac Pro without my knowledge.

I was unhappy to find out today that I had this trojan installed on my Mac Pro, but I am relieved now that I was able to uninstall it. I changed my various online account passwords, to prevent the people who ran this botnet from using my personal account names and passwords.

I thought my Mac was more secure than this. I appreciate the reports about this trojan, which caused me to check, and let me know my Mac had been compromised.

If any of these are found, the malware will skip the rest of its routine and proceed to delete itself."

Good thing I've got Little Snitch installed, no Trojan here.

Not necessarily true, I got the .rserv variant in my home folder the other day, luckily I have Little Snitch installed but that didn't prevent it faking a software update dialogue in a failed attempt to have me give it my password, or prevent it attempting to download the payload from various Russian servers... which was blocked by Little Snitch, alerting me to the trojan.

I'm an IT guy - I probably got this from an unsafe website like a bittorrent site and the trojan didn't manage to install but the fact that it downloaded itself and faked a software update dialogue is deeply troubling!
In our office I'm the only one with the admin password though, so although people could download the trojan the impact should be limited.

I noticed Dr Web posting on the apple communities posts regarding this issue - he seemed well informed - but given that it's been proven before that a large Russian group is responsible for at least a large part of these attacks it is kinda funny to see a Russian antivirus company cited here.

As a side note, Software update popped up while I was reading this article to inform me that the java update was available, and it weighs in at 66.6 MB... clearly evil things are going on, although following the steps in the article I came up clear on it.

- "Dr. Web" of Russia is for real?
- they actually know what they are talking about?
- they have some fact-based stats, and are not pulling numbers out of their butt?
- anybody knows the identity of any of the purported Trojan websites? like even one? and has proved it is in fact operational as reported?

Yes it is for real. You could have found out yourself if you had checked with Google. But of course you can not use Google because Google is "The Enemy", right?
Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web

Please... do not fall to the shame and disgrace of publishing sensationalism. You do not need to garnish more page views from this tactic. Keep your loyal readers by keeping to sensible journalistic standards!

What you term as a "Virus" is NOT a virus. Here is the one and only thing you really need to know (though better to know more). If you need to enter in your (admin) password, it's not a virus. Simple!

I WAS infected with this Trojan, until I saw this article and followed the uninstall instructions. The trojan installed without my permission ~ March 3rd according to the file date of the trojan that was installed.

I had the variant that installed in my global preferences and intercepted my Safari screen characters and keystrokes. It got access to my Mac using Java, without me typing the Admin password or notifying me to install it. This stealth trojan had been running for about a month now, before I discovered it.

I have now turned off Java, and updated to the latest Apple supplied version of Java which they just released a day or so ago. This exploit in Java has been known since February, and I am very annoyed with Apple for not fixing their version of Java, and notifying us of this earlier. It would have likely prevented the Java hole to exist that this trojan exploited to infect my Mac Pro without my knowledge.

I was unhappy to find out today that I had this trojan installed on my Mac Pro, but I am relieved now that I was able to uninstall it. I changed my various online account passwords, to prevent the people who ran this botnet from using my personal account names and passwords.

I thought my Mac was more secure than this. I appreciate the reports about this trojan, which caused me to check, and let me know my Mac had been compromised.

As a Mac Pro user I am surprised you are not a bit more savvy. I would suggest investing in Little Snitch rather than relying on Christian Prayers & Music.

From Apple ][ - to new Mac Pro I've owned them all. Long on AAPL so biased "Google doesn't sell you anything, Google just sells you!"

That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).

You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?

How do you spell naive?

Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft. However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.

From Apple ][ - to new Mac Pro I've owned them all. Long on AAPL so biased "Google doesn't sell you anything, Google just sells you!"

One would expect the general tech media to go with anything that would tarnish Apple but I would hope an Apple-centric site would do some fact checking. For example, Symantec rates the infection rate for this trojan as very low and this Dr Web outfit is little known; any confirmation from a more established company like Kaspersky? When they make a claim how many computers from Cupertino are affected, doesn't the red flag raise in your mind?

That's tantamount to saying you sleep around bareback because you run in the *right* circle (where all women use the pill and no one has STDs).

You don't feel the need to use AV because the odds are on your side. Fine. But to brag about it like you've accomplished something special?

How do you spell naive?

What about using common sense?
I run Mac OS X since 2004, for a month I tried Sophos, which made my Mac even more vulnerable. And since I, and probably others, don't install everything that wants to be installed, we can be on the safe side.

One would expect the general tech media to go with anything that would tarnish Apple but I would hope an Apple-centric site would do some fact checking. For example, Symantec rates the infection rate for this trojan as very low and this Dr Web outfit is little known; any confirmation from a more established company like Kaspersky?

The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week. http://arstechnica.com/apple/news/20...t-strategy.ars

Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft.

Exactly! It's not naivete being confident in the fact that we haven't installed AV software for over ten years. The fact is, we haven't needed AV software and our Macs run more smoothly without it.

Quote:

Originally Posted by digitalclips

However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.

If a legitimate virus or trojan actually springs up in the wild (which I doubt will happen any time soon), I'll remember to look into this utility. Until then, I'll continue practicing the "safe computing and common sense" AndreiD spoke of and not worry about it.

A trojan horse virus named "Flashback" that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.

Russian antivirus company Dr. Web issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the virus, as highlighted by ArsTechnica.

An analyst for the company later updated the figure to note that the size of the botnet had reached 600,00. He also pointed out that 274 bots are originating from Apple's hometown of Cupertino, Calif.

According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.

Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the virus is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.

Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.

They claim 600,000 infected computers. They list a number of countries that show 0.1% of the world's infections - or 600 computers. Let's say that '0.1%' indicates that they found a single infected computer. In order to have the math work out, they would have had to test 1 out of every 600 Macs in the world. With an installed base of 40 M computers, they would have had to have tested a minimum of 70,000 Macs to see if they were infected. I really doubt that they individually tested 70,000 randomly sampled computers in all these different countries.

While they could be doing some sort of automatic online checking, that is not valid because of sampling error. They can only check the computers that come to the testing servers. If they, for example, are using porn or pirate servers for their samples, it is clearly not representative.

"I'm way over my head when it comes to technical issues like this" Gatorguy 5/31/13

The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week. http://arstechnica.com/apple/news/20...t-strategy.ars

I didn't claim that the trojan was made up - I'm disputing this Dr Web's numbers and the FUD to imply that hundreds of computers at the Apple Cupertino campus are part of the bot net.

According to Doctor Web, the security company who analyzed this trojan, they were able to intercept the botnet traffic to count both the number of infected Macs and their geographical location. Per their post at: http://news.drweb.com/show/?i=2341

"Each bot includes a unique ID of the infected machine into the query string it sends to a control server. Doctor Web's analysts employed the sinkhole technology to redirect the botnet traffic to their own servers and thus were able to count infected hosts.

Over 550 000 infected machines running Mac OS X have been a part of the botnet on April 4. These only comprise a segment of the botnet set up by means of the particular BackDoor.Flashback modification."
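The counting method in the Doctor Web quote above, as an added example that is not part of the original thread and is not Doctor Web's code: check-ins arriving at a sinkhole are deduplicated by the bot's unique ID, not by source IP, which is how an exact host count can be produced. The log format, the `id` parameter name, the country column (standing in for a GeoIP lookup) and every value are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sinkhole log: "<timestamp> <source IP> <country> <request path>".
# Format, parameter name and all values are assumptions for illustration only.
SAMPLE_LOG = """\
2012-04-04T10:00:01Z 198.51.100.7 US /check?id=AAAA0001-0000-0000-0000-000000000001
2012-04-04T10:05:09Z 198.51.100.7 US /check?id=AAAA0001-0000-0000-0000-000000000001
2012-04-04T10:06:30Z 198.51.100.7 US /check?id=AAAA0002-0000-0000-0000-000000000002
2012-04-04T11:00:00Z 203.0.113.20 CA /check?id=BBBB0003-0000-0000-0000-000000000003
2012-04-04T12:00:00Z 203.0.113.99 GB /check?id=BBBB0003-0000-0000-0000-000000000003
2012-04-04T12:30:00Z 192.0.2.44 GB /check?id=CCCC0004-0000-0000-0000-000000000004
2012-04-04T13:00:00Z 192.0.2.46 GB /check?id=CCCC0004-0000-0000-0000-000000000004
2012-04-04T13:01:00Z 192.0.2.45 GB /favicon.ico
garbage line
"""


def checkins(log_text):
    """Yield (source_ip, country, bot_id) for every well-formed bot check-in."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, ignore
        _timestamp, ip, country, path = parts
        ids = parse_qs(urlsplit(path).query).get("id")
        if not ids:
            continue  # no bot ID: a crawler or scanner, not a bot
        yield ip, country, ids[0].lower()


def count_bots(log_text):
    """Return (unique bot count, Counter of bots per country of first sighting)."""
    first_country = {}
    for _ip, country, bot_id in checkins(log_text):
        # A bot that roams between networks is attributed once, to where it was first seen.
        first_country.setdefault(bot_id, country)
    return len(first_country), Counter(first_country.values())


def count_source_ips(log_text):
    """Naive alternative: distinct source IPs that sent a bot ID."""
    return len({ip for ip, _country, _bot_id in checkins(log_text)})


if __name__ == "__main__":
    total, per_country = count_bots(SAMPLE_LOG)
    print("unique bots:", total, dict(per_country))
    print("distinct source IPs:", count_source_ips(SAMPLE_LOG))
```

In the sample, two bots share one NAT address and two others change address between check-ins, so the IP count and the ID count disagree; only the ID count tracks machines.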

Yes it is for real. You could have found out yourself if you had checked with Google. But of course you can not use Google because Google is "The Enemy", right?
Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web

Ok and if the entity exists should we trust the rest of the figures?

Whenever I see an AV company (real or whatever obscure or fake) come up with smith on the net saying beware of this and that I highly look with suspicion because that's exactly how many social engineerings start...and that's what a trojan is all about...social engineering at a lower level.

Yes it is for real. You could have found out yourself if you had checked with Google. But of course you can not use Google because Google is "The Enemy", right?
Doctor web is an antivirus company established in 1992: http://en.wikipedia.org/wiki/Dr._Web

And we all know to trust everything we find through Google. Especially trust Wikipedia as that never lies.

The return of the "Flashback" malware variant was reported by Ars weeks ago and confirmed by another security company, Intego, late last year I believe. The Java patch that closed the hole was made available in February but Apple delayed offering it to Mac users until this week. http://arstechnica.com/apple/news/20...t-strategy.ars

Long term, I think Apple will get out of the business of porting Java to the Mac. Java isn't as critical to Apple's success as a platform as it was 15 years ago. Time to let Oracle do it, like it already does with other platforms.

Many of us that have had to suffer Windows as well as the joy of Macs have a deep hatred of all things AV as they are such a nightmare in terms of slowing down and screwing up Windows almost as much as Microsoft.

It's a good point, to an extent. I just haven't seen AV slow down Windows that much in recent years. But there is no question that, in totality, management of malware is a far greater nightmare on Windows. The problem seems far less daunting on W7 but past history keeps all of us wary.

Quote:

Originally Posted by digitalclips

However, since the day it became available I have used Little Snitch and cannot speak more highly of any utility I have ever used and I have used Macs since the Mac Plus. Before people new to Mac and who are getting nervous here rush out and put their heads in to the Norton et al noose, I'd highly recommend they give Little Snitch a try.

Thanks for the tip. That's one I've not tried.

Quote:

Originally Posted by spinnerlys

What about using common sense?
I run Mac OS X since 2004, for a month I tried Sophos, which made my Mac even more vulnerable. And since I, and probably others, don't install everything that wants to be installed, we can be on the safe side.

That's a fair comment. But in today's world of slacktivism, everyone wants to share stories pictures and links, all with good intentions but poor insight into the ramifications of their actions. It's such an easy world for malware producers that I am impressed the situation isn't worse.